Praisonaiagents

This hub aggregates every CVE we track for Praisonaiagents, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Praisonaiagents.

• CVE-2026-44339PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute8.6May 8, 2026
• CVE-2026-44335SSRF bypass in PraisonAI9.8May 8, 2026
• CVE-2026-41496PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)8.1May 8, 2026
• CVE-2026-40289PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions9.1Apr 14, 2026
• CVE-2026-40288PraisonAI: Critical RCE via `type: job` workflow YAML9.8Apr 14, 2026
• CVE-2026-40287PraisonAI has RCE via Automatic tools.py Import8.4Apr 14, 2026
• CVE-2026-40160PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback6.5Apr 10, 2026
• CVE-2026-40153PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool7.4Apr 9, 2026
• CVE-2026-40152PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary5.3Apr 9, 2026
• CVE-2026-40150PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool7.7Apr 9, 2026
• CVE-2026-40117PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate6.2Apr 9, 2026
• CVE-2026-40111PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)8.8Apr 9, 2026
• CVE-2026-39888PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)9.9Apr 8, 2026
• CVE-2026-34954PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL8.6Apr 3, 2026
• CVE-2026-34938PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code10.0Apr 3, 2026